FileUp executes in the same security context as IIS, which is typically as user IUSR_Machinename (or, if you are using Basic or Windows Integrated Authentication, the authenticated user's account will be used). FileUp can only write to directories which have permissions for the accounts which are used by your file transfer web applications, according to the settings in Internet Service Manager.
The physical directories which will store the uploaded files require NTFS permissions of Read, Write and Modify (Read, Write, Delete in NT)
Since FileUp is writing to disk, it is suggested that you set permissions appropriately to disable write access by IUSR_Machinename to inappropriate areas such as the Windows root directory.
Also, FileUp has a .MaxBytes attribute which you can use to set the maximum size of an uploaded file. This will prevent your users from filling your Web server's disk. FileUp will write up to 'MaxBytes' number of bytes and then immediately stop.